Developing a risk management plan is simply a matter of following the five steps described below. The risk management plan thus becomes a straightforward byproduct of the processes like:

1) Risk Identification2) Risk Categorization3) Risk Prioritization

Step-1: Creation of a risk categorization table

Using different categories, a risk categorization table is constructed. This table is the starting point for identification of specific risks on each project.

The project team can use this table to review categories of risk for their project. It also provides the team with a set of factors to consider, and provides slots for them to decide which factors are relevant and what evidence they have.

As the organization learns more about its performance it may decide on ways to compare ratings on a given project with its prior history. It may determine total-rating count, or number of risks, or some combination of number and level of impact that predicts project failure or success.

Step-2:

Ranking of the risks to the project for every category

a) Risk factors and areas:

Under each category, this column lists category risk factors.

b) Low risk evidence (L): This column has characteristics of the risk factor when it can be considered as a low risk to the project.

c) Medium risk evidence (M):

This column has characteristics of the risk factor when it provides a medium risk.

d) High-risk evidence (H):

This column has characteristics of the risk factor when it should be considered as a high risk.

Provide information about project specifics that supports the rating choice.

It may be kept in mind that in some cases, evidence in one category for high risk may be evidence for low risk in another. For example, support for organization goals or use of new technologies may be taken either way, depending on the situation.

Following Tables indicates the risk factors and categories with their respective evidence of low, medium and high risk. These tables are nothing but templates that can be used as a starting point for any software development project. Categories, factors, and evidence can easily be modified within this framework for any project.

Step-3:

Sorting of the risk table in the order of riskSorting of the risk table is done in order of risk with high-risk items being the first.

# When "High" rating risks are more than ten; calculate the risk exposure. These become our key risks.

# Identify different means to control every key risk, establish ownership of the desired action, and decide the date of completion.

# Integrate the key risks into the project plan and find out the impact of decided schedule and cost.

Step-4: Design a risk format for regular weekly review

Establish a regular risk format for weekly project status meetings. At a minimum, show the status of the top ten, the ranking of each one from the previous week, and the number of weeks on the list. Show the risk response report and the risk change report.

Step-5: Continuity of Risk Management Process

The final step is to ensure that risk management is an ongoing process within your project management. Monitoring and control of the risk list must be done on a regular basis. The project manager and team must be aware of the identified risks and the processes for resolving them. New risks must be identified as soon as possible, prioritized, and added-on to the risk management plan. High-priority risks must be worked on with respect to the overall project plan.

A) Project Management Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Approach

Product and process planning and monitoring in place

Planning and monitoring need enhancement

weak or nonexistent planning and monitoring

Communication

Clearly communicates goals and status between the team and rest of the organization

Communicates some of the information some of the time

Rarely communicates clearly to team or to others who need to be informed of team status

B) Schedule Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Delivery commitment

Stable commitment dates

Some uncertain commitments

Unstable, fluctuating commitments

Development schedule

Team projects that schedule is acceptable and can be met

Team finds one phase of the plan to have a schedule that is too aggressive

Team projects that two or more phases of schedule are unlikely to be met

C) Project Content Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Requirements stability

Little or no change expected to be approved set (baseline)

Some change expected against approved set

Rapidly changing or no agreed upon baseline

System testability

System requirements easy to test, plans underway

Parts of system hard to test, or minimal planning being done

Most of system hard to test, or no test plans being made

D) Customer Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Customer involvement

End-users highly involved with project team provide significant impact on system

End-users play minor roles, moderate impact on system

Minimal or no end user involvement little end-user input

Customer

End-users highly experienced in similar projects, have specific ideas of how needs can be met

End-users have experience with similar projects & have needs in mind

End-users have no previous experience with similar project unsure of how need can be met

E) Mission & Goals Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Project Fit

Directlysupports organization mission and/ or goals

Indirectly impacts one or more goals

Does not. Support or relate to organization mission or goals

Work Flow

Little or no change to work flow

Will change some aspect or have small effect on work flow

Significantly changes the work flow or method of organization

F) Organization Management Related Factors:

Risk Factors and Categories

L - Low Risk Evidence

M -Medium Risk Evidence

H- High Risk Evidence

Rating

Organization stability

Little or no change in management or structure expected

Some management change or reorganization expected

Management or organization structure is continually or rapidly changing